top of page
perceptive_background_267k.jpg

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-t…

Published:

1 april 2026 om 22:00:00

Alert date:

2 april 2026 om 19:04:21

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Emerging Technologies

SillyTavern, a locally installed user interface for interacting with AI models, contains a path traversal vulnerability in versions prior to 1.17.0. The vulnerability exists in chat endpoints and allows authenticated attackers to read and delete arbitrary files under the user data root directory by manipulating the avatar_url parameter with directory traversal sequences. Sensitive files like secrets.json and settings.json are at risk. The issue affects users who have SillyTavern installed locally and has been patched in version 1.17.0.

Technical details

Mitigation steps:

Affected products:

SillyTavern

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-34524
https://github.com/SillyTavern/SillyTavern/releases/tag/1.17.0
https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-vprr-q85p-79mf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page